Cyberattack: frequently asked questions - Updated on January 16, 2026

What is “personal data”?

According to Article 4 of the General Data Protection Regulation (GDPR), this refers to “any information relating to an identified or identifiable natural person.” The various pieces of information that can lead to the identification of a specific person therefore constitute personal data. Examples include first and last name, postal address, email address, phone number, ID photo, and bank details.

What is a DPO (data protection officer)?

This person is responsible for overseeing personal data protection, assessing the impact of the incident, notifying the authorities (CNIL) if necessary, and ensuring that the individuals concerned have been informed, in collaboration with the cybersecurity team.

Do you know the exact cause of the incident?

On January 5, 2026, AgroParisTech detected a security incident affecting its information system. As soon as the incident was identified, and in order to prevent it from spreading, the necessary security measures were put in place and all information systems were disconnected.

With the help of external experts, AgroParisTech has been investigating over the past few days and was quickly able to identify the source of the incident. The incident is now closed and the systems are gradually being brought back online in a secure manner.

Why does AgroParisTech hold personal data?

AgroParisTech must use and store personal data in order to fulfill its duties as an employer and as an educational, research, and innovation institution.

How can I find out if I am affected by the incident and if my data has been hacked?

If you are contacted or informed individually by the DSN, then you are indeed affected by the hacking of your Seafile data.

Should I file a complaint on my own behalf and as a preventive measure?

The complaint filed by AgroParisTech was made within an institutional and legal framework. As such, it is covered by confidentiality rules and cannot be disclosed to the individuals involved in the incident.

Filing a complaint is only necessary if you are personally the victim of a crime, such as identity theft or fraud.

Should I file a complaint personally if I notice fraudulent use of my personal data?

In this case, it is strongly recommended that you inform the organization affected by the fraud and file a complaint as soon as possible.

In this case, you can indicate that AgroParisTech filed a complaint on January 6, 2026 with the Massy police station.

Do I have to close my bank account if my bank details have been hacked?

This is not systematic. To prevent potential fraud, you can ask your bank advisor to set up a whitelist of creditors authorized to make direct debits from your account.

How can I find out if consumer loans have been taken out without my knowledge?

You can request a list of your bank accounts and any consumer credit agreements you may have (FICOBA).

https://www.banque-france.fr/fr/actualites/ficoba-lacces-la-liste-de-vos-comptes-bancaires-simplifie

If I receive an email that looks like phishing, does that mean my data was stolen during the cyberattack?

Massive, opportunistic phishing campaigns are common practice. The fact that you received an email that looks like phishing does not necessarily mean that your data was stolen during the cyberattack.

That is why caution should always be exercised when dealing with these practices.

Reminder of practical guides available online:

How can I receive support?

If you have any questions regarding this incident, please send us an email:

For all matters relating to competitions organized by AgroParisTech: @email
For the Palaiseau, Reims, Orléans, and Kourou campuses: @email
For the Montpellier campus: @email
For the Nancy campus: @email
For the Clermont-Ferrand campus: @email

Who should I contact regarding the provisions applicable to research data?

I am sending a message to @email

How can I tell if the emails I receive are not fraudulent?

To protect yourself, here are some simple tips for recognizing a fraudulent email:

Check the sender: a fraudulent email often comes from an address that looks like it belongs to a legitimate company, but with a mistake, a strange domain, or a Gmail, Hotmail, etc. address that does not correspond to a professional organization’s email address.
Be wary of urgency: Fraudulent emails often insist that you act quickly, or face serious consequences. They play on fear or urgency, saying things like “Your account will be suspended if you don’t respond before X.”
Do not click on suspicious links: hover over links without clicking to check that they match the official address. Links in fraudulent emails often lead to sites that mimic official sites, designed to steal your information.
Beware of strange attachments: do not open attachments if you were not expecting them or if they have an unusual extension (.exe, .scr).
Lack of personalization: fraudulent emails often use generic phrases (“Dear customer,” “User”) instead of your name.
Look for mistakes: fraudulent emails often contain spelling, grammar, or syntax errors.
Be wary of requests for personal information: never send your passwords, bank account numbers, or other sensitive data by email.

If you receive a suspicious email, do not reply, click on any links, or download any attachments. We recommend reporting the email to @email and the data protection officer, @email.

What are the best practices for passwords?

The recommended practices for your passwords are as follows:

Use a different password for each service/account;
Use a long and complex password, i.e., at least 12 characters combining uppercase letters, lowercase letters, numbers, and special characters;
Use a password that is impossible to guess and does not include personal information;
Change your passwords regularly.

How can I regain access to the AgroParisTech information system?

The DSN sent an email to staff and students using an email address other than that of AgroParisTech to provide instructions on this point.

Staff who have not received an email should contact their campus’s local service in person or contact the local IT service in Palaiseau at @email, which will handle their request.

Were AgroParisTech's information systems up to date and sufficiently protected?

Our system was up to date and properly maintained. Unfortunately, no computer system is completely immune to cybercrime.

We quickly identified the source of the incident and took the necessary corrective measures immediately. In addition to these measures, we are currently working to strengthen the security of our information systems.

How can you explain the delay between the incident and the communication made to AgroParisTech staff and students?

Given the nature of the incident and our business, we were required to first inform the relevant authorities (CNIL, ANSSI) and ensure that they were fully aware of the situation before communicating more widely.

A complaint has also been filed with the National Police.

We communicated with all AgroParisTech staff and students as soon as we were able to do so with the means available, given the ongoing attack.

What measures has AgroParisTech put in place following the cyberattack?

AgroParisTech sought the expertise of a security incident response provider (SIRP), which conducted an audit and defined an action plan to further secure the information systems.

Have those responsible for the attack been identified?

To date, those responsible for the attack have not been clearly identified. Following the complaint filed by AgroParisTech, a police investigation has been launched to try to identify those responsible for the attack.